VPN Gateway Subnet Routing

[JordanPlayz158]

I have added Mullvad WireGuard VPN to my Router as a gateway following https://mullvad.net/en/help/pfsense-with-wireguard/ up until "Configure the outbound firewall", I have modified no firewall rules but it seems as though even with no routing modifications, once I added the gateway, now all traffic is going through the Mullvad VPN, while that is nice, it is not ideal as certain sites do not let you on when using a VPN. I would like to make firewall rules where I have all `192.168.1.0/24` traffic going through WAN gateway and `192.168.2.0/24` (using Virtual IP) going through the Mullvad Gateway that way I can get the best of both worlds (this can be very helpful to run this at the router level and route it transparently so I can use proxies/VPNs even on devices which may not have good support (or any), I have looked up so many different terms on the search engine and tries so many different fixes and read the documentation and tried to make my own rules (both almost exclusively in the Firewall->NAT->Outbound and Firewall->Rules) and I can't get it to work, I did come across a term which may assist in understanding, when I looked it up, the term used was "Policy based routing".


Firewall->NAT->Outbound:

MullvadVPN    LAN networks, Loopback networks, 127.0.0.0/8, 10.0.0.0/24    *    *    500  MullvadVPN    *    YES    Auto created rule for ISAKMP
MullvadVPN    LAN networks, Loopback networks, 127.0.0.0/8, 10.0.0.0/24    *    *    *    MullvadVPN    *    NO    Auto created rule
WAN    LAN networks, Loopback networks, 127.0.0.0/8, 10.0.0.0/24    *    *    500    WAN    *    YES    Auto created rule for ISAKMP
WAN    LAN networks, Loopback networks, 127.0.0.0/8, 10.0.0.0/24    *    *    *    WAN    *    NO    Auto created rule

I have tried manual rules only and hybrid and tried to override the automatic rules and change it to have WAN take precedence assuming Mullvad is the first rule (given the ordering of the rules) and uses that but that seems to be wrong as manual rules and hybrid override didn't appear to work. But also it appears manual rules don't have the same settings or perhaps look, for example, Nat Address only allows WAN net or WAN address, not just WAN and the automatic rules are able to select multiple sources (I was able to with an alias but still doesn't look the same as the automatic rules but I'd suspect that could just be a compact way to show the automatic rules).

[zan]

It sounds like your Wireguard gateway became your default route.
To prevent it you need to check the "Disable Routes" on your Wireguard setting.

[wotcha]

Follow this guide exactly.

https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html

And instead of the phrase “WG_VPN_Hosts” just replace it with VLAN2.
So when you create the FW alias, instead create a Network and type in 192.168.2.1/24 or your VLAN2
So therefore Anywhere that it says “WG_VPN_Hosts”, that is just your VLAN2 network.

I think that’s what you’re asking…